Reproducible Tails builds

We have received the Mozilla Open Source Support award in order to make
Tails ISO images build reproducibly. This project was on our roadmap for
2017 and with the release of Tails 3.3 we are proud to present one of the
world's first reproducible ISO images of a Linux operating system.

From source code to binary code

When we write software, we do this using programming languages which a human
can read and understand. This is called the source code. One can imagine
source code much like a very precise recipe. Such a recipe describes an
exact procedure: which ingredients and which amount of ingredients do you
need? How should they be mixed together at which temperature should they be
cooked or baked? The recipe will even describe the expected outcome: how the
meal should look and taste like.

When we generate a Tails ISO image, our source code and the Debian packages
we include are assembled into a binary ISO image, much like when the
ingredients of the recipe are mixed together, one obtains the meal. The
amounts and ingredients of this meal cannot be easily reverse
engineered. The result of our cooking process is a Tails ISO image which
users download and install onto a USB stick.

We, chefs and aides in the kitchen (Tails developers and contributors),
provide you, our users, with several means to verify that this ISO image is
indeed the one we want you to download, either using our Firefox add-on
which does this verification automatically for you or by using our OpenPGP
signature. Both of these verification methods simply tell you that the ISO
image is the image which we want you to download: That the meal you get is
indeed the meal that you've ordered, and not a meal which has been poisoned
or exchanged by an evil waiter (such as a download mirror).

However, even with such sophisticated verification methods, it is still
impossible to trace back the meal to the recipe: Does the meal contain only
the ingredients it is supposed to contain? Or could unauthorized personnel
have broken into the kitchen at night, and then poisoned the ingredients and
made the oven cook at 50 degrees higher than displayed? In other words,
could a malicious entity have compromised our build machines? That's what
reproducible builds help verify and protect against.

What's a reproducible build?

Reproducible builds are a set of software development practices that create
a verifiable path from human readable source code to the binary code used
by computers. (quoted from https://reproducible-builds.org/)

In other words, with reproducible builds, each cooking process of the same
recipe is exactly repeatable.

At Tails, we have worked during a year to implement such a set of
practices. This makes it now possible to compare ISO images built by
multiple parties from the same source code and Debian packages, and to
ensure that they all result in exactly the same ISO image.

Or again, using our cooking metaphor: Several of us will cook the meal,
compare that we all cooked the same meal and only once we're sure about
that, we will deliver it to you.

We all can thus gain confidence that no broken oven has introduced malicious
code or failures: or we would notice it before delivering the meal.

What does this mean for you as a user?

This does not change anything in the way you download and install Tails, and
you don't have to make additional verifications. It simply helps trust that
the Tails ISO image that we distribute is indeed coming from the source code
and Debian packages it is meant to be made of. With reproducible Tails, it
only takes one knowledgeable person to build Tails and compare with the ISO
image the Tails project distributes to uncover some kinds of backdoors.

And by the way, not only our ISO images are now reproducible, but so are our
incremental upgrades. And you are benefiting from this improvement without
even noticing :)

Thank you

Besides Mozilla's Open Source Support and the Reproducible Builds community
that provided critical help where we strongly needed it, we'd also like to
thank all members of our community who helped us test this process. You
giving us a hand is much appreciated!